tun: Add ioctl() TUNGETDEVNETNS cmd to allow obtaining real net ns of tun device

Submitted by Alexander Mikhalitsyn on Nov. 6, 2019, 10:57 a.m.

Details

Message ID 20191106105722.18602-1-alexander.mikhalitsyn@virtuozzo.com
State New
Series "tun: Add ioctl() TUNGETDEVNETNS cmd to allow obtaining real net ns of tun device"
Headers show

Commit Message

Alexander Mikhalitsyn Nov. 6, 2019, 10:57 a.m.
In commit f2780d6d7475 "tun: Add ioctl() SIOCGSKNS cmd to allow
obtaining net ns of tun device" it was missed that tun may change
its net ns, while net ns of socket remains the same as it was
created initially. SIOCGSKNS returns net ns of socket, so it is
not suitable for obtaining net ns of device.

We may have two tun devices with the same names in two net ns,
and in this case it's not possible to determ, which of them
fd refers to (TUNGETIFF will return the same name).

This patch adds new ioctl() cmd for obtaining net ns of a device.

Reported-by: Harald Albrecht <harald.albrecht@gmx.net>
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

https://jira.sw.ru/browse/PSBM-99027
(ported from commit 0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f)
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
---
 drivers/net/tun.c           | 10 ++++++++++
 include/uapi/linux/if_tun.h |  1 +
 2 files changed, 11 insertions(+)

Patch hide | download patch | download mbox

diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index e65ded4..d4c3866 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -2326,6 +2326,7 @@  static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
 	void __user* argp = (void __user*)arg;
 	unsigned int ifindex, carrier;
 	struct ifreq ifr;
+	struct net *net;
 	kuid_t owner;
 	kgid_t group;
 	int sndbuf;
@@ -2402,6 +2403,7 @@  static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
 
 	tun_debug(KERN_INFO, tun, "tun_chr_ioctl cmd %u\n", cmd);
 
+	net = dev_net(tun->dev);
 	ret = 0;
 	switch (cmd) {
 	case TUNGETIFF:
@@ -2615,6 +2617,14 @@  static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
 		ret = tun_net_change_carrier(tun->dev, (bool)carrier);
 		break;
 
+	case TUNGETDEVNETNS:
+		ret = -EPERM;
+		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
+			goto unlock;
+
+		ret = open_net_ns_fd(net);
+		break;
+
 	default:
 		ret = -EINVAL;
 		break;
diff --git a/include/uapi/linux/if_tun.h b/include/uapi/linux/if_tun.h
index af37baf..b248123 100644
--- a/include/uapi/linux/if_tun.h
+++ b/include/uapi/linux/if_tun.h
@@ -57,6 +57,7 @@ 
 #define TUNSETVNETBE _IOW('T', 222, int)
 #define TUNGETVNETBE _IOR('T', 223, int)
 #define TUNSETCARRIER _IOW('T', 226, int)
+#define TUNGETDEVNETNS _IO('T', 227)
 
 /* CONFIG_VE_TUNTAP_ACCOUNTING should be set */
 #define TUNSETACCTID _IOW('T', 300, struct ifreq)

Comments

Kirill Gorkunov Nov. 6, 2019, 11:07 a.m.
On Wed, Nov 06, 2019 at 01:57:56PM +0300, Alexander Mikhalitsyn wrote:
> In commit f2780d6d7475 "tun: Add ioctl() SIOCGSKNS cmd to allow
> obtaining net ns of tun device" it was missed that tun may change
> its net ns, while net ns of socket remains the same as it was
> created initially. SIOCGSKNS returns net ns of socket, so it is
> not suitable for obtaining net ns of device.
> 
> We may have two tun devices with the same names in two net ns,
> and in this case it's not possible to determ, which of them
> fd refers to (TUNGETIFF will return the same name).
> 
> This patch adds new ioctl() cmd for obtaining net ns of a device.
> 
> Reported-by: Harald Albrecht <harald.albrecht@gmx.net>
> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
> Signed-off-by: David S. Miller <davem@davemloft.net>
> 
> https://jira.sw.ru/browse/PSBM-99027
> (ported from commit 0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f)
> Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov@virtuozzo.com>
Kirill Tkhai Nov. 6, 2019, 11:09 a.m.
On 06.11.2019 13:57, Alexander Mikhalitsyn wrote:
> In commit f2780d6d7475 "tun: Add ioctl() SIOCGSKNS cmd to allow
> obtaining net ns of tun device" it was missed that tun may change
> its net ns, while net ns of socket remains the same as it was
> created initially. SIOCGSKNS returns net ns of socket, so it is
> not suitable for obtaining net ns of device.
> 
> We may have two tun devices with the same names in two net ns,
> and in this case it's not possible to determ, which of them
> fd refers to (TUNGETIFF will return the same name).
> 
> This patch adds new ioctl() cmd for obtaining net ns of a device.
> 
> Reported-by: Harald Albrecht <harald.albrecht@gmx.net>
> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
> Signed-off-by: David S. Miller <davem@davemloft.net>
> 
> https://jira.sw.ru/browse/PSBM-99027
> (ported from commit 0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f)
> Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>

Acked-by: Kirill Tkhai <ktkhai@virtuozzo.com>

> ---
>  drivers/net/tun.c           | 10 ++++++++++
>  include/uapi/linux/if_tun.h |  1 +
>  2 files changed, 11 insertions(+)
> 
> diff --git a/drivers/net/tun.c b/drivers/net/tun.c
> index e65ded4..d4c3866 100644
> --- a/drivers/net/tun.c
> +++ b/drivers/net/tun.c
> @@ -2326,6 +2326,7 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
>  	void __user* argp = (void __user*)arg;
>  	unsigned int ifindex, carrier;
>  	struct ifreq ifr;
> +	struct net *net;
>  	kuid_t owner;
>  	kgid_t group;
>  	int sndbuf;
> @@ -2402,6 +2403,7 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
>  
>  	tun_debug(KERN_INFO, tun, "tun_chr_ioctl cmd %u\n", cmd);
>  
> +	net = dev_net(tun->dev);
>  	ret = 0;
>  	switch (cmd) {
>  	case TUNGETIFF:
> @@ -2615,6 +2617,14 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
>  		ret = tun_net_change_carrier(tun->dev, (bool)carrier);
>  		break;
>  
> +	case TUNGETDEVNETNS:
> +		ret = -EPERM;
> +		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
> +			goto unlock;
> +
> +		ret = open_net_ns_fd(net);
> +		break;
> +
>  	default:
>  		ret = -EINVAL;
>  		break;
> diff --git a/include/uapi/linux/if_tun.h b/include/uapi/linux/if_tun.h
> index af37baf..b248123 100644
> --- a/include/uapi/linux/if_tun.h
> +++ b/include/uapi/linux/if_tun.h
> @@ -57,6 +57,7 @@
>  #define TUNSETVNETBE _IOW('T', 222, int)
>  #define TUNGETVNETBE _IOR('T', 223, int)
>  #define TUNSETCARRIER _IOW('T', 226, int)
> +#define TUNGETDEVNETNS _IO('T', 227)
>  
>  /* CONFIG_VE_TUNTAP_ACCOUNTING should be set */
>  #define TUNSETACCTID _IOW('T', 300, struct ifreq)
>